<?php
//Security Tool

function comHash($password) {
    //加盐哈希
    $salt = md5('7824a*p'); //盐
    $password=md5($password).$salt;  //把密码进行md5加密然后和salt连接
    $password=md5($password);  //执行MD5散列
    return $password;  //返回散列    
}

function detectSqlInjection($input) {
    //过滤常见的SQL注入字符和模式
    $patterns = [
        // 基本SQL关键字
        '/([\'\;\-\-])/',
        // UNION查询
        '/UNION\s+SELECT/i',
        // DROP、CREATE等危险SQL命令
        '/(\bDROP\b|\bCREATE\b|\bALTER\b|\bDELETE\b|\bUPDATE\b|\bINSERT\b|\bTRUNCATE\b)/i',
        // 常见的注入模式
        '/%27/i',    // URL编码的单引号
        '/%20OR/i',  // URL编码的空格 + OR
        '/%20AND/i', // URL编码的空格 + AND
        '/(\s+OR\s+[\d\'\"\w\(\)]+)/i',
        '/(\s+AND\s+[\d\'\"\w\(\)]+)/i',
        '/(\s+XOR\s+[\d\'\"\w\(\)]+)/i',
        '/(\s+LIKE\s+[\d\'\"\w\(\)]+)/i',
        '/(\s+BETWEEN\s+[\d\'\"\w\(\)]+\s+AND\s+[\d\'\"\w\(\)]+)/i',
        '/(\s+IN\s+\([\d\'\"\w, ]+\))/i'
    ];

    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $input)) {
            return true; // 检测到可能的SQL注入
        }
    }

    return false; // 未检测到SQL注入
}
?>